severity 463907 grave
thanks
Hi,
* Frank Lichtenheld <[EMAIL PROTECTED]> [2008-02-04 12:56]:
> Package: wml
> Version: 2.0.11-1
> Severity: serious
> Tags: security
>
> The following code in wml_backend/p1_ipp/ipp.src is obviously unsafe
> (and actually causing practical problems during the Debian website
> build):
>
> $tmpdir = $ENV{'TMPDIR'} || '/tmp';
> $tmpfile = $tmpdir . "/ipp.$$.tmp";
> unlink($tmpfile);
> $tmp = new IO::File;
> $tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!");
[...] Thanks I confirmed this, a CVE id is pending. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgphlECcYqWX2.pgp
Description: PGP signature
